Cannot view attachment from API. Error TLS/SSL not supported

Hello @Dario B ,

Thanks for your reply. :)

I have done what you suggested me to do on curl and here is the results:

Normal:

curl -v -L -u <username>:<password> https://XXXXX.atlassian.net/secure/attachment/27100/XXXXX.xlsx -0 test.xlsx
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to XXXX.atlassian.net (xxx.xxx.xxx.xxx) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Curl_http_done: called premature == 0
* Closing connection 0
curl: (77) error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Rebuilt URL to: test.xlsx/
* getaddrinfo(3) failed for test.xlsx:80
* Couldn't resolve host 'test.xlsx'
* Closing connection 1
curl: (6) Couldn't resolve host 'test.xlsx'

Specify protocol: 

curl --tlsv1.2 -v -L -u <username>:<password> https://xxxxx.atlassian.net/secure/attachment/27100/CXXXX.xlsx -0 test.xlsx
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to xxxxxx.atlassian.net (xxx.xxx.xxx.xxx) port 443 (#0)
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Curl_http_done: called premature == 0
* Closing connection 0
curl: (77) error setting certificate verify locations:
CAfile: /etc/pki/tls/certs/ca-bundle.crt
CApath: none
* Rebuilt URL to: test.xlsx/
* getaddrinfo(3) failed for test.xlsx:80
* Couldn't resolve host 'test.xlsx'
* Closing connection 1
curl: (6) Couldn't resolve host 'test.xlsx'

Actually, I could download the attachment with the link until recently I got this issue.

Here is my code in C#:

As you can see, I am allowing redirect in my code

private HttpClient CreateClient()
{
    var handler = new HttpClientHandler()
    {
        AllowAutoRedirect = true
    };
    HttpClient client = new HttpClient(handler);

    client.BaseAddress = new Uri(this._baseUrl);
    client.DefaultRequestHeaders.Accept.Add(new  MediaTypeWithQualityHeaderValue("application/json"));
    client.DefaultRequestHeaders.Add("X-Atlassian-Token", "no-check");
    client.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Basic XXXXXXXXXXXX");

    return client;
}


public Task<byte[]> GetFile(string url)
{
    Task<byte[]> ret = default(Task<byte[]>);
    using (var client = CreateClient())
    {
       HttpResponseMessage response = client.GetAsync(url).Result;
       response.EnsureSuccessStatusCode();

       Task<byte[]> cntent = response.Content.ReadAsByteArrayAsync();
       cntent.Wait();
       ret = cntent;
    }
    return ret;
}

The response that I got is :

I don't know if I am doing something wrong or there is a something I am looping. :(

Can you advise please ?

 Thanks

Hi @Ismaël Ayoub ,

In the Curl output I can see 2 different errors: 

1. Your system seems to be unable to find the certificate verify location (where the trusted certificates are stored on your machine) and therefore it is closing the connection :  

   * error setting certificate verify locations:
   CAfile: /etc/pki/tls/certs/ca-bundle.crt
   CApath: none
   * Curl_http_done: called premature == 0
   * Closing connection 0

2. You use -0 (zero) instead -o (output) and therefore curl thinks that's the url to contact: 

   * Rebuilt URL to: test.xlsx/
   * getaddrinfo(3) failed for test.xlsx:80
   * Couldn't resolve host 'test.xlsx'
   * Closing connection 1
   curl: (6) Couldn't resolve host 'test.xlsx'

Now, it can be that there is a problem with the certificate storage path on the machine where you are running the test from, but if this is the case then you shouldn't be able to connect to any other REST API endpoint as well. 

Also, please notice that once again the provided code does not help since is not showing the endpoints called or the logic followed.

Cheers,
Dario

Hello @Dario B

The endpoint I am using is the following: https://XXXXX.atlassian.net/secure/attachment/27122/picture.png

I have found that there is a redirection plus there is a verification of the certificate. Here is the details:

* Preparing request to https://XXXXXX.atlassian.net/secure/attachment/27122/picture.png
* Using libcurl/7.57.0-DEV OpenSSL/1.0.2o zlib/1.2.11 libssh2/1.7.0_DEV
* Current time is 2019-11-12T05:16:52.116Z
* Disable timeout
* Enable automatic URL encoding
* Enable SSL validation
* Enable cookie sending with jar of 0 cookies
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to xxxx.atlassian.net (xxx.xxx.xxx.xxx) port 443 (#0)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: \\file\2017-09-20.pem
* CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=US; ST=California; L=San Francisco; O=Atlassian Network Services, Inc.; CN=*.atlassian.net
* start date: Oct 6 00:00:00 2017 GMT
* expire date: Dec 20 12:00:00 2019 GMT
* subjectAltName: host "xxxx.atlassian.net" matched cert's "*.atlassian.net"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.
* Server auth using Basic with user <username>

> GET /secure/attachment/27122/picture.png HTTP/1.1
> Host: selfdeploy.atlassian.net
> Authorization: Basic XXXXXXXXX
> Accept: */*

< HTTP/1.1 302 
< Server: AtlassianProxy/1.15.8.1
< Cache-Control: no-cache, no-store, must-revalidate
< Content-Type: image/png
< Strict-Transport-Security: max-age=315360000; includeSubDomains; preload

* Connection #0 to host XXXXXX.atlassian.net left intact
* Issue another request to this URL: '
Headers["Location"]
* Trying xxx.xxx.xxx.xxx...
* TCP_NODELAY set
* Connected to api.media.atlassian.com (xxx.xxx.xxx.xxx) port 443 (#1)
* ALPN, offering http/1.1
* Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH
* successfully set certificate verify locations:
* CAfile: \\file\2017-09-20.pem
* CApath: none
* TLSv1.2 (OUT), TLS header, Certificate Status (22):
* TLSv1.2 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Client hello (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS change cipher, Client hello (1):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256
* ALPN, server accepted to use http/1.1
* Server certificate:
* subject: C=AU; ST=New South Wales; L=Sydney; O=Atlassian Pty Ltd; CN=*.media.atlassian.com
* start date: Oct 3 00:00:00 2019 GMT
* expire date: Dec 17 12:00:00 2021 GMT
* subjectAltName: host "api.media.atlassian.com" matched cert's "*.media.atlassian.com"
* issuer: C=US; O=DigiCert Inc; OU=www.digicert.com; CN=DigiCert SHA2 High Assurance Server CA
* SSL certificate verify ok.

< HTTP/1.1 200 OK
< date: Tue, 12 Nov 2019 05:15:57 GMT
< content-type: image/png
< content-length: 70812

 In my code I have put a condition like:

if(response2.StatusCode == HttpStatusCode.MovedPermanently || response2.StatusCode == HttpStatusCode.Found)

// take the response2.Headers.Location and GetAsync from the URL.

In doing that, I still got the first error from my first post.

Can you help please ?

Thanks in advance.

Ismaël 

Hi @Ismaël Ayoub ,

From the pasted output I can see that you were able to successful download the file using curl (following redirection). This means the REST API endpoints are working as expected and the problem is with the way your code tries to handle this situation. 

Now, I don't know C# much but by searching a bit I have found the below thread in Stackoverflow that says you should use HttpWebRequest.AllowAutoRedirect Property:

• Download file through code that has a redirect?

The example in there shows:

HttpWebRequest myHttpWebRequest=(HttpWebRequest)WebRequest.Create("http://www.contoso.com");    

myHttpWebRequest.MaximumAutomaticRedirections=1;
myHttpWebRequest.AllowAutoRedirect=true;

HttpWebResponse myHttpWebResponse=(HttpWebResponse)myHttpWebRequest.GetResponse();

Please review above thread (and the links in there) and see if this helps.

Finally, for the future, kindly notice that this might not be the best place to get help on development  related questions. In case further help will be needed on this topic, you might want to refer to the resources listed in https://developer.atlassian.com/resources. Specifically:

• Ask the Developers Community

Cheers,
Dario

Hello @Dario B

Well I no longer get the issue now as it has been solved by itself.

I suspect that there was an issue with the certificate which caused the bug.

Many thanks for your support on this matter and I take your notice on the development related questions.

Thanks,

Cheers,
Ismaël 

Nice to know this is not an issue for you anymore @Ismaël Ayoub ! :) 

Have a nice day,

Dario